主机管理，对密码秘钥 进行加密

modules/module-ci-machine/pom.xml

@@ -24,10 +24,17 @@
             <groupId>cd.casic.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
+        <!--加解密-->
         <dependency>
             <groupId>com.antherd</groupId>
             <artifactId>sm-crypto</artifactId>
-            <version>0.3.2.1-RELEASE</version>
+            <version>0.3.2</version>
         </dependency>
+        <dependency>
+            <groupId>org.openjdk.nashorn</groupId>
+            <artifactId>nashorn-core</artifactId>
+            <version>15.4</version>
+        </dependency>
+        <!--加解密-->
     </dependencies>
 </project>

modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/MachineInfoServiceImpl.java

@@ -10,6 +10,7 @@ import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
 import cd.casic.module.machine.enums.MachineInfoStatus;
 import cd.casic.module.machine.service.MachineInfoService;
 import cd.casic.module.machine.service.SecretKeyService;
+import cd.casic.module.machine.utils.CryptogramUtil;
 import com.google.common.annotations.VisibleForTesting;
 import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
@@ -47,6 +48,9 @@ public class MachineInfoServiceImpl implements MachineInfoService {
                 throw exception(SECRET_KEY_NOT_EXISTS);
             }
         }
+        if (Objects.nonNull(machineInfoDO.getPassword())) {
+            machineInfoDO.setPassword(CryptogramUtil.doEncrypt(machineInfoDO.getPassword()));
+        }
         machineInfoMapper.insert(machineInfoDO);
         return machineInfoDO.getId();
     }

modules/module-ci-machine/src/main/java/cd/casic/module/machine/service/impl/SecretKeyServiceImpl.java

@@ -54,14 +54,10 @@ public class SecretKeyServiceImpl implements SecretKeyService {
     public Long createSecretKey(SecretKeyVO secretKeyVO) {
         validateSecretKeyAdd(secretKeyVO);
         SecretKeyDO secretKeyDO = BeanUtils.toBean(secretKeyVO, SecretKeyDO.class);
-        try {
+        //密码加密
-            //密码加密
+        secretKeyDO.setPassword(CryptogramUtil.doEncrypt(secretKeyVO.getPassword()));
-            secretKeyDO.setPassword(CryptogramUtil.doEncrypt(secretKeyVO.getPassword()));
+        //公钥加密
-            //公钥加密
+        secretKeyDO.setPublicKey(CryptogramUtil.doEncrypt(secretKeyVO.getPublicKey()));
-            secretKeyDO.setPublicKey(CryptogramUtil.doEncrypt(secretKeyVO.getPublicKey()));
-        } catch (ScriptException e) {
-            throw exception(ENCRYPT_OR_DECRYPT_FAIL);
-        }
         secretKeyMapper.insert(secretKeyDO);
         return secretKeyDO.getId();
     }

modules/module-ci-machine/src/main/java/cd/casic/module/machine/utils/CryptogramUtil.java

@@ -1,5 +1,6 @@
 package cd.casic.module.machine.utils;
 
+
 import cd.casic.module.machine.dal.model.Keypair;
 import cn.hutool.log.Log;
 import com.antherd.smcrypto.sm2.Sm2;
@@ -7,8 +8,12 @@ import com.antherd.smcrypto.sm3.Sm3;
 import com.antherd.smcrypto.sm4.Sm4;
 import com.antherd.smcrypto.sm4.Sm4Options;
 
-import javax.script.ScriptException;
+/**
-
+ * 加密工具类，本框架目前使用 https://github.com/antherd/sm-crypto 项目中一些加解密方式
+ * 使用小伙伴需要过等保密评相关，请在此处更改为自己的加密方法，或加密机，使用加密机同时需要替换公钥，私钥在内部无法导出，提供加密的方法
+ *
+ * @author yubaoshan
+ */
 public class CryptogramUtil {
 
     private static final Log log = Log.get();
@@ -16,11 +21,11 @@ public class CryptogramUtil {
     /**
      * 加密方法（Sm2 的专门针对前后端分离，非对称秘钥对的方式，暴露出去的公钥，对传输过程中的密码加个密）
      *
+     * @author yubaoshan
      * @param str 待加密数据
      * @return 加密后的密文
-     * @author yubaoshan
      */
-    public static String doSm2Encrypt(String str) throws ScriptException {
+    public static String doSm2Encrypt (String str) {
         return Sm2.doEncrypt(str, Keypair.PUBLIC_KEY);
     }
 
@@ -28,11 +33,11 @@ public class CryptogramUtil {
      * 解密方法
      * 如果采用加密机的方法，用try catch 捕捉异常，返回原文值即可
      *
+     * @author yubaoshan
      * @param str 密文
      * @return 解密后的明文
-     * @author yubaoshan
      */
-    public static String doSm2Decrypt(String str) throws ScriptException {
+    public static String doSm2Decrypt (String str) {
         // 解密
         return Sm2.doDecrypt(str, Keypair.PRIVATE_KEY);
     }
@@ -40,11 +45,11 @@ public class CryptogramUtil {
     /**
      * 加密方法
      *
+     * @author yubaoshan
      * @param str 待加密数据
      * @return 加密后的密文
-     * @author yubaoshan
      */
-    public static String doEncrypt(String str) throws ScriptException {
+    public static String doEncrypt (String str) {
         // SM4 加密  cbc模式
         Sm4Options sm4Options4 = new Sm4Options();
         sm4Options4.setMode("cbc");
@@ -56,17 +61,17 @@ public class CryptogramUtil {
      * 解密方法
      * 如果采用加密机的方法，用try catch 捕捉异常，返回原文值即可
      *
+     * @author yubaoshan
      * @param str 密文
      * @return 解密后的明文
-     * @author yubaoshan
      */
-    public static String doDecrypt(String str) throws ScriptException {
+    public static String doDecrypt (String str) {
         // 解密，cbc 模式，输出 utf8 字符串
         Sm4Options sm4Options8 = new Sm4Options();
         sm4Options8.setMode("cbc");
         sm4Options8.setIv("fedcba98765432100123456789abcdef");
-        String docString = Sm4.decrypt(str, Keypair.KEY, sm4Options8);
+        String docString =  Sm4.decrypt(str, Keypair.KEY, sm4Options8);
-        if (docString.isEmpty()) {
+        if (docString.equals("")) {
             log.warn(">>> 字段解密失败，返回原文值：{}", str);
             return str;
         } else {
@@ -77,34 +82,34 @@ public class CryptogramUtil {
     /**
      * 纯签名
      *
+     * @author yubaoshan
      * @param str 待签名数据
      * @return 签名结果
-     * @author yubaoshan
      */
-    public static String doSignature(String str) throws ScriptException {
+    public static String doSignature (String str) {
         return Sm2.doSignature(str, Keypair.PRIVATE_KEY);
     }
 
     /**
      * 验证签名结果
      *
-     * @param originalStr 签名原文数据
-     * @param str         签名结果
-     * @return 是否通过
      * @author yubaoshan
+     * @param originalStr 签名原文数据
+     * @param str 签名结果
+     * @return 是否通过
      */
-    public static boolean doVerifySignature(String originalStr, String str) throws ScriptException {
+    public static boolean doVerifySignature (String originalStr, String str) {
         return Sm2.doVerifySignature(originalStr, str, Keypair.PUBLIC_KEY);
     }
 
     /**
      * 通过杂凑算法取得hash值，用于做数据完整性保护
      *
+     * @author yubaoshan
      * @param str 字符串
      * @return hash 值
-     * @author yubaoshan
      */
-    public static String doHashValue(String str) throws ScriptException {
+    public static String doHashValue (String str) {
         return Sm3.sm3(str);
     }
 

modules/module-ci-terminal/src/main/java/cd/casic/module/terminal/service/impl/HostConnectServiceImpl.java

@@ -5,6 +5,7 @@ import cd.casic.module.machine.dal.dataobject.MachineInfoDO;
 import cd.casic.module.machine.dal.dataobject.SecretKeyDO;
 import cd.casic.module.machine.dal.mysql.MachineInfoMapper;
 import cd.casic.module.machine.dal.mysql.SecretKeyMapper;
+import cd.casic.module.machine.utils.CryptogramUtil;
 import cd.casic.module.terminal.common.ErrorMessage;
 import cd.casic.module.terminal.controller.dto.TerminalConnectDTO;
 import cd.casic.module.terminal.enums.*;
@@ -64,7 +65,7 @@ public class HostConnectServiceImpl implements HostConnectService {
         CONFIG.setUsername(host.getUsername());
         if (host.getAuthenticationType().equals(1)){
             CONFIG.setAuthType(HostSshAuthTypeEnum.PASSWORD.name());
-            CONFIG.setPassword(host.getPassword());
+            CONFIG.setPassword(CryptogramUtil.doDecrypt(host.getPassword()));
         }else {
             CONFIG.setKeyId(host.getSecretKeyId());
         }